IPsec overview
How IPsec works and its main use cases.
IPsec (IP Security) is a suite of protocols for securing data transmitted over IP networks. It provides authentication, integrity verification, and encryption of IP packets. IPsec is primarily used for VPN tunneling and network perimeter protection.
Modes of operation
Transport mode — only the packet payload is encrypted; the original IP header is preserved. Used for direct host-to-host connections and to protect tunnels established by other means.
Tunnel mode — the entire original IP packet is encrypted — payload, header, and routing information — and then encapsulated inside a new packet. Used to connect remote hosts to a VPN and to link separate network segments over public channels such as the internet.
The two modes are not mutually exclusive: a single node can use transport mode for some connections and tunnel mode for others.
Use cases
VPN tunnels — the primary use case for IPsec. The ESP and AH protocols operate in tunnel mode, encrypting all traffic between endpoints.
Firewall — by configuring security policies, IPsec can filter packets according to defined rules. For example:
- block HTTP and HTTPS traffic by dropping the corresponding packets;
- for a web server, allow only connections on port 80 (TCP) or 443 (TCP, for HTTPS) and drop everything else.
Server protection — with ESP, all requests to the server and its responses are encrypted. Past the VPN gateway, inside the encryption domain, traffic is transmitted in plaintext.
LAN traffic encryption — IPsec in transport mode secures connections between a file server and workstations within a local network.
Connecting offices — IPsec in tunnel mode provides a secure link between the networks of two or more offices over the internet.
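The following is an added example, not part of the original page, that models the policy behaviour described above: an IPsec Security Policy Database (SPD) lookup with the web-server rule (allow only TCP 80 and 443, drop the rest), an office-to-office tunnel-mode entry and a LAN file-server transport-mode entry. It also shows the difference between the two modes: in transport mode only the payload ends up inside ESP while the original header stays outside, in tunnel mode the whole original packet is wrapped and a new outer header carries the gateway addresses. All addresses, the `Packet`/`Policy` classes and the `apply_policy` function are constructed for illustration; no real cryptography is performed.

```python
"""Model of an IPsec Security Policy Database (SPD) lookup (constructed example).

Shows the three policy actions a packet can receive (DISCARD, BYPASS, PROTECT),
first-match selector ordering, and which part of the original packet ends up
inside ESP in transport versus tunnel mode. No real cryptography is performed:
the "encrypted" field only records which bytes would be protected.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                    # "tcp", "udp", "icmp", ...
    dport: Optional[int] = None   # destination port, None for port-less protocols
    payload: bytes = b""


@dataclass(frozen=True)
class Policy:
    src: str                      # CIDR selector for the source address
    dst: str                      # CIDR selector for the destination address
    proto: str = "any"            # transport protocol selector
    dport: Optional[int] = None   # destination port selector, None = any
    action: str = "DISCARD"       # DISCARD | BYPASS | PROTECT
    mode: str = "transport"       # transport | tunnel (PROTECT only)
    tunnel: Optional[Tuple[str, str]] = None  # (outer src, outer dst) gateways for tunnel mode

    def matches(self, pkt: Packet) -> bool:
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def lookup(spd: List[Policy], pkt: Packet) -> Optional[Policy]:
    """Return the first matching SPD entry; order matters, so specific entries go first."""
    for pol in spd:
        if pol.matches(pkt):
            return pol
    return None


def apply_policy(spd: List[Policy], pkt: Packet) -> Dict[str, object]:
    """Decide what happens to an outbound packet under the SPD."""
    pol = lookup(spd, pkt)
    # No matching entry: drop, rather than leak the packet unprotected.
    if pol is None or pol.action == "DISCARD":
        return {"action": "DISCARD"}
    if pol.action == "BYPASS":
        return {"action": "BYPASS", "outer": (pkt.src, pkt.dst), "encrypted": b""}
    # PROTECT with ESP. The original IP header is modelled as a short byte string.
    inner_header = f"IP {pkt.src}->{pkt.dst} {pkt.proto}".encode()
    if pol.mode == "transport":
        # Transport mode: the original IP header stays outside, only the payload is inside ESP.
        return {"action": "PROTECT", "mode": "transport",
                "outer": (pkt.src, pkt.dst), "encrypted": pkt.payload}
    # Tunnel mode: header + payload go inside ESP; a new outer header carries gateway addresses.
    return {"action": "PROTECT", "mode": "tunnel",
            "outer": pol.tunnel, "encrypted": inner_header + b"|" + pkt.payload}


# Constructed SPD: addresses and gateways are illustrative (documentation ranges).
WEB_SERVER = "203.0.113.10/32"
SPD = [
    # Connecting offices: all LAN-to-LAN traffic is tunnelled between the two gateways.
    Policy("192.168.1.0/24", "192.168.2.0/24", action="PROTECT", mode="tunnel",
           tunnel=("198.51.100.1", "198.51.100.2")),
    # LAN file server: transport mode between workstations and the server.
    Policy("192.168.1.0/24", "192.168.1.5/32", action="PROTECT", mode="transport"),
    # Web server: only TCP 80 and 443 pass, everything else is dropped.
    Policy("0.0.0.0/0", WEB_SERVER, proto="tcp", dport=80, action="BYPASS"),
    Policy("0.0.0.0/0", WEB_SERVER, proto="tcp", dport=443, action="BYPASS"),
    Policy("0.0.0.0/0", WEB_SERVER, action="DISCARD"),
]


if __name__ == "__main__":
    for pkt in (Packet("198.51.100.77", "203.0.113.10", "tcp", 443, b"GET /"),
                Packet("198.51.100.77", "203.0.113.10", "tcp", 22, b"SSH-2.0"),
                Packet("192.168.1.20", "192.168.2.7", "udp", 53, b"query"),
                Packet("192.168.1.20", "192.168.1.5", "tcp", 445, b"smb")):
        print(pkt.src, "->", pkt.dst, pkt.proto, pkt.dport, apply_policy(SPD, pkt))
```

Two points worth noticing in the output: the SPD is evaluated first-match, so the catch-all DISCARD entry for the web server must come after the two BYPASS entries, and a packet with no matching entry is discarded rather than sent unprotected. The tunnel-mode result also illustrates the plaintext caveat from the server-protection use case: the "outer" addresses are the two gateways, so protection exists only on the path between them, and once a gateway decrypts the packet it travels in plaintext inside the encryption domain.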
Help
If you have any questions or need assistance, please contact us through the ticket system — we're always here to help!